ggshield hmsl check
Please note that Has My Secret Leaked features are currently in beta.
Check if secrets have leaked.
ggshield hmsl check [OPTIONS] PATH
Note: Secrets can be read from stdin using
ggshield hmsl check -.
--json: Use JSON output.
--full-hashes: Put the full hashes into the payload instead of the prefixes. This is useful for partners that trust GitGuardian because it allows to send more hashes per batch, and consumes less credits, but leaks more data to GitGuardian.
--naming-strategy [censored|cleartext|none|key]: Strategy to generate the hints in the output.
censored: only the first and last characters are displayed.
cleartext: the full secret is used as a hint (Not recommended!).
none: no hint is generated.
key: the key name is selected if available (e.g. in .env files), otherwise censored is used.
--type [file|env]: Type of input to process.
file: the input is a simple file containing secrets.
env: the input is a file containing environment variables.
This command supports all ggshield global options.
secrets.txt file containing:
$ ggshield hmsl check secrets.txt
Collected 3 secrets.
97 credits left for today.
Found 2 leaked secrets.
> Secret 1
Secret name: "hjshnk5**************************89sjkja"
Secret hash: "e9b39209f72228f30b60c19493a3f756ac97dc02ae7f52db2a3abbe3c3269339"
Distinct locations: 96
> Secret 2
Secret name: "sup3*************orGG"
Secret hash: "d775db0302080c1b7516109e929dd4b214a0f353ed3b66ff2e56c47d55a102ed"
Distinct locations: 33
Here’s an additional example when nothing is found:
$ ggshield hmsl check secrets2.txt
Collected 1 secrets.
99 credits left for today.
All right! No leaked secret has been found.